Ensure that network security group monitoring is enabled within your Microsoft Azure cloud account so that the Azure Security Center service can audit the network security groups associated with your VMs for overly permissive traffic rules.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
When the "Monitor Network Security Groups" feature is enabled, Azure Security Center detects network security groups with overly permissive rules and recommends that they be configured to control the inbound and outbound traffic to virtual machines that have public endpoints. Network security groups that are configured for a subnet are inherited by all VM network interfaces unless otherwise specified.
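The following added example (not part of the original page, and not Security Center's own detection logic) shows what such an audit looks for: inbound Allow rules open to any Internet source, evaluated across a subnet NSG and the NIC NSG that a VM inherits or overrides. The rule dictionaries use the field names of `az network nsg show` output; the sample NSGs, the helper names, the choice of ports 22 and 3389, and the treatment of a missing NSG as "no filtering at that level" are assumptions.

```python
# Constructed example: NSG rules in the JSON shape returned by `az network nsg show`.
ANY_SOURCE = {"*", "0.0.0.0/0", "Internet"}  # sources treated as "anyone"

def port_in(rule, port):
    """True if the rule's destination port range(s) cover `port`."""
    ranges = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        ranges.append(rule["destinationPortRange"])
    for r in ranges:
        if r == "*":
            return True
        lo, _, hi = r.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def from_anywhere(rule):
    """True if the rule's source is unrestricted."""
    sources = list(rule.get("sourceAddressPrefixes") or [])
    if rule.get("sourceAddressPrefix"):
        sources.append(rule["sourceAddressPrefix"])
    return any(s in ANY_SOURCE for s in sources)

def nsg_allows(nsg, port):
    """True if the NSG lets any Internet source reach `port` inbound."""
    if nsg is None:  # assumption: no NSG at this level means no filtering here
        return True
    rules = sorted((r for r in nsg["securityRules"]
                    if r["direction"] == "Inbound" and from_anywhere(r) and port_in(r, port)),
                   key=lambda r: r["priority"])
    # Lowest priority number wins; with no match the default DenyAllInBound applies.
    return bool(rules) and rules[0]["access"] == "Allow"

def exposed_ports(subnet_nsg, nic_nsg, ports=(22, 3389)):
    """Inbound traffic must pass the subnet NSG and then the NIC NSG."""
    return [p for p in ports if nsg_allows(subnet_nsg, p) and nsg_allows(nic_nsg, p)]

SUBNET_NSG = {"securityRules": [  # constructed: management ports open to everyone
    {"name": "allow-mgmt", "priority": 100, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRanges": ["22", "3389"]}]}
NIC_NSG = {"securityRules": [     # constructed: NIC-level NSG that blocks RDP only
    {"name": "deny-rdp", "priority": 200, "direction": "Inbound", "access": "Deny",
     "sourceAddressPrefix": "Internet", "destinationPortRange": "3389"},
    {"name": "allow-all", "priority": 300, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "*"}]}

if __name__ == "__main__":
    print(exposed_ports(SUBNET_NSG, None))     # NIC relies on the subnet NSG only
    print(exposed_ports(SUBNET_NSG, NIC_NSG))  # NIC NSG narrows what the subnet allows
```
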
To determine if the "Monitor Network Security Groups" feature is enabled in Azure Security Center, perform the following actions:
Remediation / Resolution
To enable network security group monitoring for your Microsoft Azure virtual machines (VMs), perform the following actions:
You are auditing:
Enable Network Security Group Monitoring
Risk level: Medium